Re: [Sat] I-D Action: draft-ietf-satp-core-04.txt
Martin Gfeller <mgf@acm.org> Sun, 07 April 2024 20:50 UTC
Return-Path: <m.c.gfeller@gmail.com>
X-Original-To: sat@ietfa.amsl.com
Delivered-To: sat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F13CC14F6B6 for <sat@ietfa.amsl.com>; Sun, 7 Apr 2024 13:50:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.645
X-Spam-Level:
X-Spam-Status: No, score=-6.645 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DLLxJ1COP8zL for <sat@ietfa.amsl.com>; Sun, 7 Apr 2024 13:50:54 -0700 (PDT)
Received: from mail-vs1-f54.google.com (mail-vs1-f54.google.com [209.85.217.54]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F1A6C14F6AD for <sat@ietf.org>; Sun, 7 Apr 2024 13:50:54 -0700 (PDT)
Received: by mail-vs1-f54.google.com with SMTP id ada2fe7eead31-479ef1fbaecso47775137.0 for <sat@ietf.org>; Sun, 07 Apr 2024 13:50:54 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712523053; x=1713127853; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=u/ctgwnGw9CkYmK+tKZbAXQ5bBnopOoerC5N7rpqKio=; b=o+58iiSulpoiLN90Dq/mIIWimQVSMIsS7w5y4GFNxIK32tC/bj9zUacCPwzGgteNPp KLVmw4lYyQBYX0lFd7SIgNUBk1wFYaZfaCPNuKsZF0sal7d+5hYs4eVXfoVxfGrZ7c1C AL+vsDGx6a7JK6PAhb15zJCSeGTRQLRknutqKf3FwQ2k+YzyGUANm7+0PAy4BPqt4Nd6 SBTv5NWSbcObWTjRGvIMyUQcFPfGQaO4D9KX8glntkcuhrqAWEtt85iepkz39rO1udWD Q3O/nSIv57jKovX46DETzOBWgHSlpNI8lrFEH+EU8ZJSNSw5cwch826Zdk201KMsSCLm U0HQ==
X-Gm-Message-State: AOJu0YwWvbkmVou6slAk4+v0kya8gIco9JoOOp85xriKGo3C1J2jLiSJ YY3yl/alsM3BI2lFkILne0vshhPxcpqlqnsBMNLDuJ7DnK9ItJDrmScrMDC5Vq5m6M4gqWLvT6A r0Zx18bUKPBvCc735Grqr+3+7Y2LBeTrRy9A9
X-Google-Smtp-Source: AGHT+IGGfZnfpNY6O0y+4HQ3muydOMz381Z3cow2Cn9vqFg9fmTjz8TKRSqKLaME2nGifwdhq+bMCj2viMLKprTjhwI=
X-Received: by 2002:a05:6102:4412:b0:47a:68d:f6e7 with SMTP id df18-20020a056102441200b0047a068df6e7mr102068vsb.11.1712523052792; Sun, 07 Apr 2024 13:50:52 -0700 (PDT)
MIME-Version: 1.0
References: <171232704897.42279.16762954778818130945@ietfa.amsl.com>
In-Reply-To: <171232704897.42279.16762954778818130945@ietfa.amsl.com>
From: Martin Gfeller <mgf@acm.org>
Date: Sun, 07 Apr 2024 16:50:42 -0400
Message-ID: <CAOYrHJMc+uz4YEVvPoe7mgicQwLhWc_L50iUa_vJ=A8TUWLdBw@mail.gmail.com>
To: sat@ietf.org, martin.hargreaves@quant.network, Thomas Hardjono <hardjono@mit.edu>, rafael.belchior@tecnico.ulisboa.pt
Content-Type: multipart/alternative; boundary="0000000000003b4202061587d875"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sat/2prTR7QopjCcLo-HCV3O7n0LuHk>
Subject: Re: [Sat] I-D Action: draft-ietf-satp-core-04.txt
X-BeenThere: sat@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "The purpose of this mailing-list is to discuss the secure asset transfer \(SAT\) protocol and related aspects." <sat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sat>, <mailto:sat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sat/>
List-Post: <mailto:sat@ietf.org>
List-Help: <mailto:sat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sat>, <mailto:sat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Apr 2024 20:50:58 -0000
Dear Martin, Thomas, and Rafael The following notes refer to the Draft of SATP Core ( https://datatracker.ietf.org/doc/html/draft-ietf-satp-core-04). Again, my comments may show my limited understanding or my stumbling over certain wordings. Kind regards, Martin General Is there any reference to the architecture document, which is important to the understanding of this document? 3. Terminology Client application: This is the application employed by a user to interact with a gateway. Do we need to say what we want to achieve with the application? Simply interacting could mean anything. As the introduction mentions only gateways, this is the first time "application" is used. Claim: An assertion made by an Entity [JWT]. By referencing [JWT], do we prescribe that Claims are encoded as JWTs? Either state more explicitly "encoded as JWT", or relax it, as "for example encoded as JWT". Claim Type: Stipulates that JWT above is just one option. Perhaps always have "X type" before "X"; i.e., "claim type" before "claim" Network: Might be worthwhile to define network. 4.2 SAT Model When do we speak about SAT and when about SATP? I think the model is for the protocol, so SATP Model, not SAT Model. local gateway "local" is understandable, but not actually defined. As the application is defined to interact with a gateway, a gateway is always "local" from the perspective of the application. 4.7.2 Message Type Inconsistent style - drop the "This is the " 4.7.3 Digital Asset Identifier unique identifier (UUIDv2) that uniquely identifies unique, more unique, most unique? :-) application of the beneficiary This is the first time the application in NW2 is mentioned in an active role - in the document above this point, I understood that while the NW2 and GW2 are involved, the application of the beneficiary is not actively involved. 4.7.4 Session ID: (delete the ":") Was the Context-Id introduced? Yes, but below. Somewhat circular. Same problem noted in Architecture document. 4.7.5 Transfer-Context ID Is the "Sequence Number" part of the Transfer-Context ID, or a possible implementation, or something additional? 4.7.8. Payload Hash Is the algo to be used intentionally left open? 4.8 Negotiation of Security Protocols and Parameters transfer initiation stage (Stage-0) Isn't that Stage-1, according to 4.4? 7-9: Stages Do we need to repeat the use of HTTP GET and POST - until the parenthetical remark about the TLS nonce for each Stage? 10.2 The purpose The purpose Repeated. 17.2 Informative References Wouldn't including references to the SATP Architecture and Use Cases documents be good? On Fri, Apr 5, 2024 at 10:24 AM <internet-drafts@ietf.org> wrote: > Internet-Draft draft-ietf-satp-core-04.txt is now available. It is a work > item > of the Secure Asset Transfer Protocol (SATP) WG of the IETF. > > Title: Secure Asset Transfer Protocol (SATP) Core > Authors: Martin Hargreaves > Thomas Hardjono > Rafael Belchior > Name: draft-ietf-satp-core-04.txt > Pages: 39 > Dates: 2024-04-05 > > The IETF datatracker status page for this Internet-Draft is: > https://datatracker.ietf.org/doc/draft-ietf-satp-core/ >
- [Sat] I-D Action: draft-ietf-satp-core-04.txt internet-drafts
- Re: [Sat] I-D Action: draft-ietf-satp-core-04.txt Martin Gfeller
- Re: [Sat] I-D Action: draft-ietf-satp-core-04.txt Rafael Belchior
- Re: [Sat] I-D Action: draft-ietf-satp-core-04.txt Denis Avrilionis
- Re: [Sat] I-D Action: draft-ietf-satp-core-04.txt Orie Steele
- Re: [Sat] I-D Action: draft-ietf-satp-core-04.txt Thomas Hardjono